#this file contains the following data structures :
# packages, specialGitUrl, runCmds, postInstall, desc, links

# ##################################################################
#          KALI's PACKAGES DEFINITIONS, INSTALL PROCEDURES
# ##################################################################

# package definitions
packages = {}
packages['info_gathering'] = ['acccheck', 'ace-voip', 'amap', 'automater', 'bing-ip2hosts', 'braa', 'casefile', 'cdpsnarf', 'cisco-torch', 'cookie-cadger', 'copy-router-config', 'dmitry', 'dnmap', 'dnsenum', 'dnsmap', 'dnsrecon', 'dnstracer', 'dnswalk', 'dotdotpwn', 'enum4linux', 'enumiax', 'exploitdb', 'fierce', 'firewalk', 'fragroute', 'fragrouter', 'ghost-phisher', 'golismero', 'goofile', 'hping3', 'intrace', 'ismtp', 'lbd', 'maltego-teeth', 'masscan', 'metagoofil', 'miranda', 'nmap', 'ntop', 'p0f', 'parsero', 'recon-ng', 'set', 'smtp-user-enum', 'snmpcheck', 'sslcaudit', 'sslsplit', 'sslstrip', 'sslyze', 'thc-ipv6', 'theharvester', 'tlssled', 'twofi', 'urlcrazy', 'wireshark', 'wol-e', 'xplico']
packages['vuln_analysis'] = ['bbqsql', 'bed', 'cisco-auditing-tool', 'cisco-global-exploiter', 'cisco-ocs', 'cisco-torch', 'commix', 'copy-router-config', 'dbpwaudit', 'doona', 'greenbone-security-assistant', 'gsd', 'hexorbase', 'inguma', 'jsql', 'lynis', 'nmap', 'ohrwurm', 'openvas-administrator', 'openvas-cli', 'openvas-manager', 'openvas-scanner', 'oscanner', 'powerfuzzer', 'sfuzz', 'sidguesser', 'siparmyknife', 'sqlmap', 'sqlninja', 'sqlsus', 'thc-ipv6', 'tnscmd10g', 'unix-privesc-check', 'yersinia']
packages['wifi'] = ['aircrack-ng', 'asleap', 'bluelog', 'bluemaho', 'bluepot', 'blueranger', 'bluesnarfer', 'bully', 'cowpatty', 'crackle', 'eapmd5pass', 'fern-wifi-cracker', 'ghost-phisher', 'giskismet', 'gr-scan', 'kalibrate-rtl', 'killerbee', 'kismet', 'mdk3', 'mfcuk', 'mfoc', 'mfterm', 'multimon-ng', 'pixiewps', 'reaver', 'redfang', 'rtlsdr-scanner', 'spooftooph', 'wifi-honey', 'wifitap', 'wifite']
packages['web'] = ['apache-users', 'arachni', 'bbqsql', 'blindelephant', 'burpsuite', 'commix', 'cutycapt', 'davtest', 'deblaze', 'dirb', 'dirbuster', 'fimap', 'funkload', 'grabber', 'jboss-autopwn', 'joomscan', 'jsql', 'maltego-teeth', 'padbuster', 'paros', 'parsero', 'plecost', 'powerfuzzer', 'proxystrike', 'recon-ng', 'skipfish', 'sqlmap', 'sqlninja', 'sqlsus', 'ua-tester', 'uniscan', 'vega', 'w3af', 'webscarab', 'webshag', 'webslayer', 'websploit', 'wfuzz', 'wpscan', 'xsser', 'zaproxy']
packages['sniffing_spoofing'] = ['burpsuite', 'dnschef', 'fiked', 'hamster-sidejack', 'hexinject', 'iaxflood', 'inviteflood', 'ismtp', 'isr-evilgrade', 'mitmproxy', 'ohrwurm', 'protos-sip', 'rebind', 'responder', 'rtpbreak', 'rtpinsertsound', 'rtpmixsound', 'sctpscan', 'siparmyknife', 'sipp', 'sipvicious', 'sniffjoke', 'sslsplit', 'sslstrip', 'thc-ipv6', 'voiphopper', 'webscarab', 'wifi-honey', 'wireshark', 'xspy', 'yersinia', 'zaproxy']
packages['keep_access'] = ['cryptcat', 'cymothoa', 'httptunnel', 'intersect', 'nishang', 'powersploit', 'ridenum', 'u3-pwn', 'webshells', 'weevely', 'dbd', 'dns2tcp', 'httptunnel', 'polenum', 'pwnat', 'sbd']
packages['reporting'] = ['casefile', 'cutycapt', 'dos2unix', 'dradis', 'keepnote', 'magictree', 'metagoofil', 'nipper-ng', 'pipal']
packages['exploitation'] = ['armitage', 'backdoor-factory', 'beef', 'cisco-auditing-tool', 'cisco-global-exploiter', 'cisco-ocs', 'cisco-torch', 'commix', 'crackle', 'jboss-autopwn', 'linux-exploit-suggester', 'maltego-teeth', 'set', 'shellnoob', 'sqlmap', 'thc-ipv6', 'yersinia']
packages['forensics'] = ['binwalk', 'bulk-extractor', 'capstone', 'chntpw', 'cuckoo', 'dc3dd', 'ddrescue', 'dff', 'distorm3', 'dumpzilla', 'extundelete', 'foremost', 'galleta', 'guymager', 'iphone-backup-analyzer', 'p0f', 'pdf-parser', 'pdfid', 'pdgmail', 'peepdf', 'regripper', 'volatility', 'xplico']
packages['stress_test'] = ['dhcpig', 'funkload', 'iaxflood', 'inundator', 'inviteflood', 'ipv6-toolkit', 'mdk3', 'reaver', 'rtpflood', 'slowhttptest', 't50', 'termineter', 'thc-ipv6', 'thc-ssl-dos']
packages['passwords'] = ['acccheck', 'burpsuite', 'cewl', 'chntpw', 'cisco-auditing-tool', 'cmospwd', 'creddump', 'crunch', 'dbpwaudit', 'findmyhash', 'gpp-decrypt', 'hash-identifier', 'hexorbase', 'john', 'johnny', 'keimpx', 'maltego-teeth', 'maskprocessor', 'multiforcer', 'ncrack', 'oclgausscrack', 'pack', 'patator', 'phrasendrescher', 'polenum', 'rainbowcrack', 'rcracki-mt', 'rsmangler', 'sqldict', 'statsprocessor', 'hydra', 'thc-pptp-bruter', 'truecrack', 'webscarab', 'wordlists', 'zaproxy']
packages['reverse_engineering'] = ['apktool', 'dex2jar', 'distorm3', 'edb-debugger', 'jad', 'javasnoop', 'jd-gui', 'ollydbg', 'smali', 'valgrind', 'yara']
packages['hardware'] = ['android-sdk', 'apktool', 'arduino', 'dex2jar', 'sakis3g', 'smali']
packages['extras'] = ['squid3', 'wifresti']

# adds a redirect for user's numeric input
packages['0'] = packages['info_gathering']
packages['1'] = packages['vuln_analysis']
packages['2'] = packages['wifi']
packages['3'] = packages['web']
packages['4'] = packages['sniffing_spoofing']
packages['5'] = packages['keep_access']
packages['6'] = packages['reporting']
packages['7'] = packages['exploitation']
packages['8'] = packages['forensics']
packages['9'] = packages['stress_test']
packages['10'] = packages['info_gathering']
packages['11'] = packages['passwords']
packages['12'] = packages['reverse_engineering']
packages['13'] = packages['hardware']
packages['14'] = packages['extras']

# special git folders. If found here, will use this URL instead of the default one
specialGitURL = {}
specialGitURL['wifresti'] = 'https://github.com/LionSec/wifresti.git'

# post-install scripts (what to do after cloning)
postInstall = {}
postInstall["nmap"] = ["./configure", "make", "make install"]
postInstall["nikto"] = ["echo \"#!/bin/sh\ncd $(pwd)/program; ./nikto.pl\" > nikto.sh", "chmod u+x nikto.sh"]

# how to run the cloned git (the script already guesses if there's an executable, this is for custom stuff)
runCmds = {}

# ##################################################################
#          KALI's PACKAGES SHORT DESCRIPTIONS, LINKS
# ##################################################################

desc = {}
desc['acccheck'] = "The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution."
desc['ace-voip'] = "ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface. In the same way that the “corporate directory” feature of VoIP hardphones enables users to easily dial by name via their VoIP handsets, ACE was developed as a research idea born from “VoIP Hopper” to automate VoIP attacks that can be targeted against names in an enterprise Directory. The concept is that in the future, attacks will be carried out against users based on their name, rather than targeting VoIP traffic against random RTP audio streams or IP addresses. ACE works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools."
desc['aircrack-ng'] = "Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools."
desc['amap'] = "Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ascii based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings."
desc['android-sdk'] = "The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android."
desc['apache-users'] = "This Perl script will enumerate the usernames on any system that uses Apache with the UserDir module."
desc['apktool'] = "It is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc. It is NOT intended for piracy and other non-legal uses. It could be used for localizing, adding some features or support for custom platforms and other GOOD purposes. Just try to be fair with authors of an app, that you use and probably like."
desc['arachni'] = "Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform."
desc['arduino'] = "Arduino is an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It’s intended for artists, designers, hobbyists, and anyone interested in creating interactive objects or environments."
desc['armitage'] = "Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework. Through one Metasploit instance, your team will: (1) Use the same sessions, (2) Share hosts, captured data, and downloaded files, (3) Communicate through a shared event log, (4) Run bots to automate red team tasks. Armitage is a force multiplier for red team operations."
desc['asleap'] = "Demonstrates a serious deficiency in proprietary Cisco LEAP networks. Since LEAP uses a variant of MS-CHAPv2 for the authentication exchange, it is susceptible to accelerated offline dictionary attacks. Asleap can also attack the Point-to-Point Tunneling Protocol (PPTP), and any MS-CHAPv2 exchange where you can specify the challenge and response values on the command line."
desc['automater'] = "Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal."
desc['backdoor-factory'] = "The goal of BDF is patch executable binaries with user desidered shellcode and continue normal execution of the prepatched state. Supporting: Windows PE x32/x64 and Linux ELF x32/x64 (System V). Some executables have built in protections, as such this will not work on all binaries. It is advisable that you test target binaries before deploying them to clients or using them in exercises."
desc['bbqsql'] = "Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast."
desc['bed'] = "BED is a program which is designed to check daemons for potential buffer overflows, format strings et. al."
desc['beef'] = "BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context."
desc['bing-ip2hosts'] = "Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface. Bing-ip2hosts is written in the Bash scripting language for Linux. This uses the mobile interface and no API key is required."
desc['binwalk'] = "Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc."
desc['blindelephant'] = "The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable."
desc['bluelog'] = "Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It’s intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area."
desc['bluemaho'] = "BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do – testing to find unknown vulns. Also it can form nice statistics."
desc['bluepot'] = "Bluepot is a Bluetooth Honeypot written in Java, it runs on Linux. Bluepot was a third year university project attempting to implement a fully functional Bluetooth Honeypot. A piece of software designed to accept and store any malware sent to it and interact with common Bluetooth attacks such as “BlueBugging?” and “BlueSnarfing?”. Bluetooth connectivity is provided via hardware Bluetooth dongles. The system also allows monitoring of attacks via a graphical user interface that provides graphs, lists, a dashboard and further detailed analysis from log files."
desc['blueranger'] = "BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory). Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating. The recision and accuracy depend on the build quality of the Bluetooth adapter, interference, and response from the remote device. Fluctuations may occur even when neither device is in motion."
desc['bluesnarfer'] = "A Bluetooth bluesnarfing Utility."
desc['braa'] = "Braa is a mass snmp scanner. The intended usage of such a tool is of course making SNMP queries – but unlike snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of hosts simultaneously, and in a single process. Thus, it consumes very few system resources and does the scanning VERY fast.Braa implements its OWN snmp stack, so it does NOT need any SNMP libraries like net-snmp. The implementation is very dirty, supports only several data types, and in any case cannot be stated ‘standard-conforming’! It was designed to be fast, and it is fast. For this reason (well, and also because of my laziness ;), there is no ASN.1 parser in braa – you HAVE to know the numerical values of OID’s (for instance .1.3.6.1.2.1.1.5.0 instead of system.sysName.0)."
desc['bulk-extractor'] = "bulk_extractor is a program that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files. It is a useful forensic investigation tool for many tasks such as malware and intrusion investigations, identity investigations and cyber investigations, as well as analyzing imagery and pass-word cracking."
desc['bully'] = "Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture. Bully provides several improvements in the detection and handling of anomalous scenarios. It has been tested against access points from numerous vendors, and with differing configurations, with much success."
desc['burpsuite'] = "Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun."
desc['capstone'] = "Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community."
desc['casefile'] = "CaseFile is the little brother to Maltego. It targets a unique market of ‘offline’ analysts whose primary sources of information are not gained from the open-source intelligence side or can be programmatically queried. We see these people as investigators and analysts who are working ‘on the ground’, getting intelligence from other people in the team and building up an information map of their investigation. CaseFile gives you the ability to quickly add, link and analyze data having the same graphing flexibility and performance as Maltego without the use of transforms. CaseFile is roughly a third of the price of Maltego."
desc['cdpsnarf'] = "CDPSnarf is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more."
desc['cewl'] = "CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL also has an associated command line app, FAB (Files Already Bagged) which uses the same meta data extraction techniques to create author/creator lists from already downloaded."
desc['chntpw'] = "This little program provides a way to view information and change user passwords in a Windows NT/2000 user database file. Old passwords need not be known since they are overwritten. In addition it also contains a simple registry editor (same size data writes) and an hex-editor which enables you to fiddle around with bits and bytes in the file as you wish."
desc['cisco-auditing-tool'] = "Perl script which scans cisco routers for common vulnerabilities."
desc['cisco-global-exploiter'] = "Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool."
desc['cisco-ocs'] = "A mass Cisco scanning tool."
desc['cisco-torch'] = "Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs. The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered."
desc['cmospwd'] = "CmosPwd is a cross-platform tool to decrypt password stored in CMOS used to access a computer’s BIOS setup. This application should work out of the box on most modern systems, but some more esoteric BIOSes may not be supported or may require additional steps."
desc['commix'] = "Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language."
desc['cookie-cadger'] = "Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests. Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites can provide SSL/TLS during all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool ever made for intercepting and replaying specific insecure HTTP GET requests into a browser. Cookie Cadgers Request Enumeration Abilities Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open- source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis."
desc['copy-router-config'] = "Copies configuration files from Cisco devices running SNMP."
desc['cowpatty'] = "Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed."
desc['crackle'] = "crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected. With the STK and LTK, all communications between the master and the slave can be decrypted."
desc['creddump'] = "creddump is a python tool to extract various credentials and secrets from Windows registry hives. It currently extracts: (1) LM and NT hashes (SYSKEY protected), (2) Cached domain passwords, (3) LSA secrets, (4) It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way. It is also the first tool that does all of these things in an offline way (actually, Cain & Abel does, but is not open source and is only available on Windows)."
desc['crunch'] = "Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations."
desc['cryptcat'] = "CryptCat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol while encrypting the data being transmitted. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities."
desc['cuckoo'] = "Cuckoo Sandbox is a malware analysis system. You can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment."
desc['cutycapt'] = "CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP."
desc['cymothoa'] = "Cymothoa is a stealth backdooring tool, that inject backdoor’s shellcode into an existing process. The tool uses the ptrace library (available on nearly all * nix), to manipulate processes and infect them."
desc['davtest'] = "DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable."
desc['dbd'] = "dbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. dbd features AES-CBC-128 + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. dbd supports TCP/IP communication only. Source code and binaries are distributed under the GNU General Public License."
desc['dbpwaudit'] = "DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan."
desc['dc3dd'] = "dc3dd is a patched version of GNU dd with added features for computer forensics:. * on the fly hashing (md5, sha-1, sha-256, and sha-512) * possibility to write errors to a file * group errors in the error log * pattern wiping * progress report * possiblity to split output"
desc['ddrescue'] = "Like dd, dd_rescue does copy data from one file or block device to another. You can specify file positions (called seek and Skip in dd). There are several differences: (1) dd_rescue does not provide character conversions, (2) The command syntax is different. Call dd_rescue -h, (3) dd_rescue does not abort on errors on the input file, unless you specify a maximum error number. Then dd_rescue will abort when this number is reached, (4) dd_rescue does not truncate the output file, unless asked to, (5) You can tell dd_rescue to start from the end of a file and move backwards, (6) It uses two block sizes, a large (soft) block size and a small (hard) block size. In case of errors, the size falls back to the small one and is promoted again after a while without errors."
desc['deblaze'] = "Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make request to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications. This tool will allow you to perform method enumeration and interrogation against flash remoting end points. Deblaze came about as a necessity during a few security assessments of flash based websites that made heavy use of flash remoting. I needed something to give me the ability to dig a little deeper into the technology and identify security holes. On all of the servers I’ve seen so far the names are not case sensitive, making it much easier to bruteforce. Often times HTTP POST requests won’t be logged by the server, so bruteforcing may go unnoticed on poorly monitored systems."
desc['dex2jar'] = "dex2jar contains following compments: (1) dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar with ASM, (2) dex-translator is designed to do the convert job. It reads the dex instruction to dex-ir format, after some optimize, convert to ASM format, (3) dex-ir used by dex-translator, is designed to represent the dex instruction, (4) dex-tools tools to work with .class files. here are examples: Modify a apk, DeObfuscate a jar, (5) d2j-smali [To be published] disassemble dex to smali files and assemble dex from smali files. different implementation to smali/baksmali, same syntax, but we support escape in type desc, (6)dex-writer [To be published] write dex same way as dex-reader."
desc['dff'] = "DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API). It can be used both by professional and non-expert people in order to quickly and easily collect, preserve and reveal digital evidences without compromising systems and data. (1) Preserve digital chain of custody: Software write blocker, cryptographic hash calculation, (2) Access to local and remote devices: Disk drives, removable devices, remote file systems, (3) Read standard digital forensics file formats: Raw, Encase EWF, AFF 3 file formats, (4) Virtual machine disk reconstruction: VmWare (VMDK) compatible, (5) Windows and Linux OS forensics: Registry, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems, (6) Quickly triage and search for (meta-)data: Regular expressions, dictionaries, content search, tags, time-line, (7) Recover hidden and deleted artifacts: Deleted files / folders, unallocated spaces, carving, (8) Volatile memory forensics: Processes, local files, binary extraction, network connections."
desc['dhcpig'] = "DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all windows hosts offline. It requires scapy >=2.1 library and admin privileges to execute. No configuration necessary, just pass the interface as a parameter. It has been tested on multiple Linux distributions and multiple DHCP servers (ISC,Windows 2k3/2k8)."
desc['dirb'] = "DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response. DIRB comes with a set of preconfigured attack wordlists for easy usage but you can use your custom wordlists. Also DIRB sometimes can be used as a classic CGI scanner, but remember is a content scanner not a vulnerability scanner. DIRB main purpose is to help in professional web application auditing. Specially in security related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerables."
desc['dirbuster'] = "DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists, this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide."
desc['distorm3'] = "diStorm is a lightweight, easy-to-use and fast decomposer library. diStorm disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD’s SVM and AVX!. The output of new interface of diStorm is a special structure that can describe any x86 instruction, this structure can be later formatted into text for display too. diStorm is written in C, but for rapidly use, diStorm also has wrappers in Python/Ruby/Java and can easily be used in C as well. It is also the fastest disassembler library!. The source code is very clean, readable, portable and platform independent (supports both little and big endianity). diStorm solely depends on the C library, therefore it can be used in embedded or kernel modules. Note that diStorm3 is backward compatible with the interface of diStorm64 (however, make sure you use the newest header files)."
desc['dmitry'] = "DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more."
desc['dnmap'] = "dnmap is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and send those commands to each client connected to it. The framework use a client/server architecture. The server knows what to do and the clients do it. All the logic and statistics are managed in the server. Nmap output is stored on both server and client. Usually you would want this if you have to scan a large group of hosts and you have several different internet connections (or friends that want to help you)."
desc['dns2tcp'] = "Dns2tcp is a network tool designed to relay TCP connections through DNS traffic. Encapsulation is done on the TCP level, thus no specific driver is needed (i.e: TUN/TAP). Dns2tcp client doesn’t need to be run with specific privileges. Dns2tcp is composed of two parts : a server-side tool and a client-side tool. The server has a list of resources specified in a configuration file. Each resource is a local or remote service listening for TCP connections. The client listen on a predefined TCP port and relays each incoming connection through DNS to the final service."
desc['dnschef'] = "DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for “badguy.com” to point to a local machine for termination or interception instead of a real host somewhere on the Internet. There are several DNS Proxies out there. Most will simply point all DNS queries a single IP address or implement only rudimentary filtering. DNSChef was developed as part of a penetration test where there was a need for a more configurable system. As a result, DNSChef is cross-platform application capable of forging responses based on inclusive and exclusive domain lists, supporting multiple DNS record types, matching domains with wildcards, proxying true responses for nonmatching domains, defining external configuration files, IPv6 and many other features. You can find detailed explanation of each of the features and suggested uses below."
desc['dnsenum'] = "Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks. OPERATIONS: (1) Get the host’s addresse (A record), (2) Get the namservers (threaded), (3) Get the MX record (threaded), (4) Perform axfr queries on nameservers and get BIND VERSION (threaded), (5) Get extra names and subdomains via google scraping (google query = “allinurl: -www site:domain”), (6) Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded), (7) Calculate C class domain network ranges and perform whois queries on them (threaded), (8) Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded), (9) Write to domain_ips.txt file ip-blocks."
desc['dnsmap'] = "dnsmap was originally released back in 2006 and was inspired by the fictional story “The Thief No One Saw” by Paul Craig, which can be found in the book “Stealing the Network – How to 0wn the Box”. dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc. Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way)."
desc['dnsrecon'] = "DNSRecon provides the ability to perform: (1) Check all NS Records for Zone Transfers, (2) Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT), (3) Perform common SRV Record Enumeration. Top Level Domain (TLD) Expansion, (4) Check for Wildcard Resolution, (5) Brute Force subdomain and host A and AAAA records given a domain and a wordlist, (6) Perform a PTR Record lookup for a given IP Range or CIDR, (7) Check a DNS Server Cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check, (8) Enumerate Common mDNS records in the Local Network Enumerate Hosts and Subdomains using Google"
desc['dnstracer'] = "dnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer."
desc['dnswalk'] = "dnswalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy."
desc['doona'] = "Doona is a fork of the Bruteforce Exploit Detector Tool (BED). BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc. Doona is Australian for duvet. It adds a significant number of features/changes to BED."
desc['dos2unix'] = "This package contains utilities dos2unix, unix2dos, mac2unix, unix2mac to convert the line endings of text files between UNIX (LF), DOS (CRLF) and Mac (CR) formats. Text files under Windows and DOS typically have two ASCII characters at the end of each line: CR (carriage return) followed by LF (line feed). Older Macs used just CR, while UNIX uses just LF. While most modern editors can read all these formats, there may still be a need to convert files between them. This is the classic utility developed in 1989."
desc['dotdotpwn'] = "It’s a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. It’s written in perl programming language and can be run either under *NIX or Windows platforms. It’s the first Mexican tool included in BackTrack Linux (BT4 R2). Fuzzing modules supported in this version: HTTP/HTTP URL/FTP/TFTP/Payload (Protocol independent)/STDOUT"
desc['dradis'] = "Dradis is an open source framework to enable effective information sharing, specially during security assessments. Dradis is a self-contained web application that provides a centralized repository of information to keep track of what has been done so far, and what is still ahead. Features include: (1) Easy report generation, (2) Support for attachments, (3) Integration with existing systems and tools through server plugins, (4) Platform independent."
desc['dumpzilla'] = "Dumpzilla application is developed in Python 3.x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed. Due to its Python 3.x developement, might not work properly in old Python versions, mainly with certain characters. Works under Unix and Windows 32/64 bits systems. Works in command line interface, so information dumps could be redirected by pipes with tools such as grep, awk, cut, sed… Dumpzilla allows to visualize following sections, search customization and extract certain content."
desc['eapmd5pass'] = "EAP-MD5 is a legacy authentication mechanism that does not provide sufficient protection for user authentication credentials. Users who authenticate using EAP-MD5 subject themselves to an offline dictionary attack vulnerability. This tool reads from a live network interface in monitor-mode, or from a stored libpcap capture file, and extracts the portions of the EAP-MD5 authentication exchange. Once the challenge and response portions have been collected from this exchange, eapmd5pass will mount an offline dictionary attack against the user’s password."
desc['edb-debugger'] = "A Linux equivalent of the famous Olly debugger on the Windows platform."
desc['enum4linux'] = "A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe formerly available from www.bindview.com. It is written in Perl and is basically a wrapper around the Samba tools smbclient, rpclient, net and nmblookup."
desc['enumiax'] = "enumIAX is an Inter Asterisk Exchange protocol username brute-force enumerator. enumIAX may operate in two distinct modes; Sequential Username Guessing or Dictionary Attack."
desc['exploitdb'] = "The Exploit Database is the ultimate archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away."
desc['extundelete'] = "extundelete is a utility that can recover deleted files from an ext3 or ext4 partition. The ext3 and ext4 file systems are the most common default file systems in Linux distributions like Mint, Mageia, or Ubuntu. extundelete uses information stored in the partition’s journal to attempt to recover a file that has been deleted from the partition. There is no guarantee that any particular file will be able to be undeleted, so always try to have a good backup system in place, or at least put one in place after recovering your files."
desc['fern-wifi-cracker'] = "Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks. Fern Wifi Cracker currently supports the following features: (1) WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack, (2) WPA/WPA2 Cracking with Dictionary or WPS based attacks, (3) Automatic saving of key in database on successful crack, (4) Automatic Access Point Attack System, (5) Session Hijacking (Passive and Ethernet Modes), (6) Access Point MAC Address Geo Location Tracking, (7) Internal MITM Engine, (8) Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP), (9) Update Support"
desc['fierce'] = "First what Fierce is not. Fierce is not an IP scanner, it is not a DDoS tool, it is not designed to scan the whole Internet or perform any un-targeted attacks. It is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool. Fierce is a PERL script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics."
desc['fiked'] = "FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco VPN PSK+XAUTH based IPsec authentication setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t currently do the client part of full MitM."
desc['fimap'] = "fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s currently under heavy development but it’s usable."
desc['findmyhash'] = "indmyhash.py try to crack different types of hashes using free online services."
desc['firewalk'] = "Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway hostdoes not allow the traffic, it will likely drop the packets on the floor and we will see no response. To get the correct IP TTL that will result in expired packets one beyond the gateway we need to ramp up hop-counts. We do this in the same manner that traceroute works. Once we have the gateway hopcount (at that point the scan is said to be `bound`) we can begin our scan. It is significant to note the fact that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway, from the scanning host."
desc['foremost'] = "Foremost is a forensic program to recover lost files based on their headers, footers, and internal data structures. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery."
desc['fragroute'] = "fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection” paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour."
desc['fragrouter'] = "Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks described in the Secure Networks “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection” paper of January 1998. This program was written in the hopes that a more precise testing methodology might be applied to the area of network intrusion detection, which is still a black art at best. Conceptually, fragrouter is just a one-way fragmenting router – IP packets get sent from the attacker to the fragrouter, which transforms them into a fragmented data stream to forward to the victim."
desc['funkload'] = "FunkLoad is a functional and load web tester, written in Python, whose main use cases are: (1) Functional testing of web projects, and thus regression testing as well, (2) Performance testing: by loading the web application and monitoring your servers it helps you to pinpoint bottlenecks, giving a detailed report of performance measurement, (3) Load testing tool to expose bugs that do not surface in cursory testing, like volume testing or longevity testing, (4) Stress testing tool to overwhelm the web application resources and test the application recoverability, (5) Writing web agents by scripting any web repetitive task."
desc['galleta'] = "Galleta is a forensic tool that examines the content of cookie files produced by Microsofts Internet Explorer. It parses the file and outputs a field separated that can be loaded in a spreadsheet."
desc['ghost-phisher'] = "Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy. Ghost Phisher currently supports the following features: (1) HTTP Server, (2) Inbuilt RFC 1035 DNS Server, (3) Inbuilt RFC 2131 DHCP Server, (4) Webpage Hosting and Credential Logger (Phishing), (5) Wifi Access point Emulator, (6) Session Hijacking (Passive and Ethernet Modes), (7) ARP Cache Poisoning (MITM and DOS Attacks), (8) Penetration using Metasploit Bindings, (9) Automatic credential logging using SQlite Database, (10) Update Support"
desc['giskismet'] = "GISKismet is a wireless recon visualization tool to represent data gathered using Kismet in a flexible manner. GISKismet stores the information in a database so that the user can generate graphs using SQL. GISKismet currently uses SQLite for the database and GoogleEarth / KML files for graphing."
desc['golismero'] = "GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. The most interesting features of the framework are: (1) Real platform independence. Tested on Windows, Linux, *BSD and OS X, (2) No native library dependencies. All of the framework has been written in pure Python, (3) Good performance when compared with other frameworks written in Python and other scripting languages, (4) Very easy to use, (5) Plugin development is extremely simple, (6) The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester, (7) Integration with standards: CWE, CVE and OWASP, (8) Designed for cluster deployment in mind (not available yet)."
desc['goofile'] = "Use this tool to search for a specific file type in a given domain."
desc['gpp-decrypt'] = "A simple ruby script that will decrypt a given GPP encrypted string."
desc['gr-scan'] = "gr-scan is a program written in C++, and built upon GNU Radio, rtl-sdr, and the OsmoSDR Source Block. It is intended to scan a range of frequencies and print a list of discovered signals. It should work with any device that works with that block, including Realtek RTL2832U devices. This software was developed using a Compro U620F, which uses an E4000 tuner. That product doesn’t seem to be available on the US site, but the Newsky DVB-T Receiver (RTL2832U/E4000 Device) has good reviews."
desc['grabber'] = "Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network. Features: (1) Cross-Site Scripting, (2) SQL Injection (there is also a special Blind SQL Injection module), (3) File Inclusion, (4) Backup files check, (5) Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters), (6) Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT, (7) JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint, (8) Generation of a file [session_id, time(t)] for next stats analysis."
desc['greenbone-security-assistant'] = "OpenVAS web frontend"
desc['gsd'] = ""
desc['guymager'] = "Guymager is a free forensic imager for media acquisition. Its main features are: (1) Easy user interface in different languages, (2) Runs under Linux, (3) Really fast, due to multi-threaded, pipelined design and multi-threaded data compression, (4) Makes full usage of multi-processor machines, (5) Generates flat (dd), EWF (E01) and AFF images, supports disk cloning, (6) Free of charges, completely open source."
desc['hamster-sidejack'] = "Hamster is a tool for “sidejacking”. It acts as a proxy server that replaces your cookies with session cookies stolen from somebody else, allowing you to hijack their sessions. Cookies are sniffed using the Ferret program. You need a copy of that as well."
desc['hash-identifier'] = "Software to identify the different types of hashes used to encrypt data and especially passwords."
desc['hexinject'] = "HexInject is a very versatile packet injector and sniffer, that provide a command-line framework for raw network access. It is designed to work together with others command-line utilities, and for this reason it facilitates the creation of powerful shell scripts capable of reading, intercepting and modifying network traffic in a transparent manner."
desc['hexorbase'] = "HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ). HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets. A database application designed for administering and auditing multiple database servers simultaneously from a centralized location."
desc['hping3'] = "hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. While hping was mainly used as a security tool in the past, it can be used in many ways by people that don’t care about security to test networks and hosts."
desc['httptunnel'] = "HTTPTunnel is a tunneling software that can tunnel network connections through restrictive HTTP proxies over pure HTTP “GET” and “POST” requests."
desc['hydra'] = ""
desc['iaxflood'] = "A UDP Inter-Asterisk_eXchange (i.e. IAX) packet was captured from an IAX channel between two Asterisk IP PBX’s. The content of that packet is the source of the payload for the attack embodied by this tool. While the IAX protocol header might not match the Asterisk PBX you’ll attack with this tool, it may require more processing on the part of the PBX than a simple udpflood without any payload that even resembles an IAX payload."
desc['inguma'] = "Inguma is a penetration testing toolkit entirely written in python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits. While the current exploitation capabilities in Inguma may be limited, this program provides numerous tools for information gathering and target auditing. Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in Python."
desc['intersect'] = "Intersect 2.5 is the second major release in the project line. This release is much different from the previous, in that it gives the user complete control over which features the Intersect script includes and lets them easily import their own features, among other new functionality. This release focuses mainly on the individual modules(features) and the capability to generate your own customized Intersect scripts. By using the Create.py application, the user is guided through a menu-driven process which allows them to select which modules they would like to include, import their own custom modules and ultimately create an Intersect script that is built around the specific modules they choose."
desc['intrace'] = "InTrace is a traceroute-like application that enables users to enumerate IP hops exploiting existing TCP connections, both initiated from local network (local system) or from remote hosts. It could be useful for network reconnaissance and firewall bypassing."
desc['inundator'] = "Inundator is a multi-threaded, queue-driven, anonymous intrusion detection false positives generator with support for multiple targets."
desc['inviteflood'] = "A tool to perform SIP/SDP INVITE message flooding over UDP/IP. It was tested on a Linux Red Hat Fedora Core 4 platform (Pentium IV, 2.5 GHz), but it is expected this tool will successfully build and execute on a variety of Linux distributions."
desc['iphone-backup-analyzer'] = "iPhone Backup Analyzer is an utility designed to easily browse through the backup folder of an iPhone (or any other iOS device). Read configuration files, browse archives, lurk into databases, and so on. iPhone Backup Analyzer is an utility designed to easily browse through the backup folder of an iPhone."
desc['ipv6-toolkit'] = "The SI6 Networks’ IPv6 toolkit is a set of IPv6 security assessment and trouble-shooting tools. It can be leveraged to perform security assessments of IPv6 networks, assess the resiliency of IPv6 devices by performing real-world attacks against them, and to trouble-shoot IPv6 networking problems. The tools comprising the toolkit range from packet-crafting tools to send arbitrary Neighbor Discovery packets to the most comprehensive IPv6 network scanning tool out there (our scan6 tool)."
desc['ismtp'] = "Test for SMTP user enumeration (RCPT TO and VRFY), internal spoofing, and relay."
desc['isr-evilgrade'] = "Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it’s own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set. A modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates."
desc['jad'] = "Java decompiler. Decompiles the given Java class file."
desc['javasnoop'] = "JavaSnoop attempts to attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system. Normally, without access to the original source code, testing the security of a Java client is unpredictable at best and unrealistic at worst. With access the original source, you can run a simple Java program and attach a debugger to it remotely, stepping through code and changing variables where needed. Doing the same with an applet is a little bit more difficult. Unfortunately, real-life scenarios don’t offer you this option, anyway. Compilation and decompilation of Java are not really as deterministic as you might imagine. Therefore, you can’t just decompile a Java application, run it locally and attach a debugger to it. Next, you may try to just alter the communication channel between the client and the server, which is where most of the interesting things happen anyway. This works if the client uses HTTP with a configurable proxy. Otherwise, you’re stuck with generic network traffic altering mechanisms. These are not so great for almost all cases, because the data is usually not plaintext. It’s usually a custom protocol, serialized objects, encrypted, or some combination of those. JavaSnoop attempts to solve this problem by allowing you attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system."
desc['jboss-autopwn'] = "This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session."
desc['jd-gui'] = "JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields."
desc['john'] = ""
desc['johnny'] = "Johnny provides a GUI for the John the Ripper password cracking tool. Johnny provides a GUI for the John the Ripper password cracking tool."
desc['joomscan'] = "Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity. It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites."
desc['jsql'] = "jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris)."
desc['kalibrate-rtl'] = "Kalibrate, or kal, can scan for GSM base stations in a given frequency band and can use those GSM base stations to calculate the local oscillator frequency offset."
desc['keepnote'] = "KeepNote is a note taking application that works on Windows, Linux, and MacOS X. With KeepNote, you can store your class notes, TODO lists, research notes, journal entries, paper outlines, etc in a simple notebook hierarchy with rich-text formatting, images, and more. Using full-text search, you can retrieve any note for later reference. KeepNote is designed to be cross-platform (implemented in Python and PyGTK) and stores your notes in simple and easy to manipulate file formats (HTML and XML). Archiving and transferring your notes is as easy as zipping or copying a folder."
desc['keimpx'] = ""
desc['killerbee'] = "KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. Using KillerBee tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the KillerBee framework, you can build your own tools, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more. Identifies available interfaces that can be used by KillerBee and associated tools. A GTK GUI application for tracking the location of an IEEE 802.15.4 transmitter by measuring RSSI.  Zbfind can be passive in discovery (only listen for packets) or it can be active by sending Beacon Request frames and recording the responses from ZigBee routers and coordinators."
desc['kismet'] = "Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11a/b/g/n traffic. It can use other programs to play audio alarms for network events, read out network summaries, or provide GPS coordinates. This is the main package containing the core, client, and server. Meant to be run inside the Kismet IPC framework."
desc['lbd'] = "lbd (load balancing detector) detects if a given domain uses DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers). Test to see if the target domain (example.com) is using a load balancer."
desc['linux-exploit-suggester'] = "As the name suggests, this is a Linux Exploit Suggester, with no frills and no fancy features; just a simple script to keep track of vulnerabilities and suggest possible exploits to use to gain ‘root‘ on a legitimate penetration test, or governing examining body. Script to keep track of vulnerabilities and suggest possible exploits."
desc['lynis'] = "Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws. Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan a report will be displayed with all discovered findings. To provide you with initial guidance, a link is shared to the related Lynis control."
desc['magictree'] = "MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, “Tree” is because all the data is stored in a tree structure, and “Magic” is because it is designed to magically do the most cumbersome and boring part of penetration testing – data management and reporting. A penetration tester productivity tool."
desc['maltego-teeth'] = "Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure. The unique perspective that Maltego offers to both network and resource based entities is the aggregation of information posted all over the internet – whether it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits, Maltego can locate, aggregate and visualize this information. Maltego offers the user with unprecedented information."
desc['maskprocessor'] = "Maskprocessor is a High-Performance word generator with a per-position configureable charset packed into a single stand-alone binary. Maskprocessor is a High-Performance word generator with a per-position configureable charset packed into a single stand-alone binary."
desc['masscan'] = ".his is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it’s faster than these other scanners. In addition, it’s more flexible, allowing arbitrary address ranges and port ranges. NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses."
desc['mdk3'] = "MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses."
desc['metagoofil'] = "Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase."
desc['mfcuk'] = "Toolkit containing samples and various tools based on and around libnfc and crapto1, with emphasis on Mifare Classic NXP/Philips RFID cards."
desc['mfoc'] = "MFOC is an open source implementation of “offline nested” attack by Nethemba. This program allow to recover authentication keys from MIFARE Classic card. Please note MFOC is able to recover keys from target only if it have a known key: default one (hardcoded in MFOC) or custom one (user provided using command line)."
desc['mfterm'] = "mfterm is a terminal interface for working with Mifare Classic tags. Tab completion on commands is available. Also, commands that have file name arguments provide tab completion on files. There is also a command history, like in most normal shells."
desc['miranda'] = "Miranda is a Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices, particularly Internet Gateway Devices (aka, routers). It can be used to audit UPNP-enabled devices on a network for possible vulnerabilities. Miranda was built on and for a Linux system and has been tested on a Linux 2.6 kernel with Python 2.5. However, since it is written in Python, most functionality should be available for any Python-supported platform. Miranda has been tested against IGDs from various vendors, including Linksys, D-Link, Belkin and ActionTec. All Python modules came installed by default on a Linux Mint 5 (Ubuntu 8.04) test system."
desc['mitmproxy'] = "mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. Also shipped is mitmdump, the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP."
desc['multiforcer'] = "A CUDA & OpenCL accelerated rainbow table implementation from the ground up, and a CUDA hash brute forcing tool with support for many hash types including MD5, SHA1, LM, NTLM, and lots more. The Cryptohaze Multiforcer is a multi-GPU (nVidia CUDA only right now) tool for high performance password cracking."
desc['multimon-ng'] = ""
desc['ncrack'] = "Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet."
desc['nipper-ng'] = "Nipper-ng is the next generation of nipper, and will always remain free and open source. This software will be used to make observations about the security configurations of many different device types such as routers, firewalls, and switches of a network infrastructure. This is a fork from nipper 0.11.10 release of the GNUv3 GPL code."
desc['nishang'] = "Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. It contains many interesting scripts like Keylogger, DNS TXT Code Execution, HTTP Backdoor, Powerpreter, LSA Secrets and much more."
desc['nmap'] = "Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping)."
desc['ntop'] = "ntop is a tool that shows the network usage, similar to what the popular top Unix command does. ntop is based on pcapture (ftp://ftp.ee.lbl.gov/pcapture.tar.Z) and it has been written in a portable way in order to virtually run on every Unix platform. ntop can be used in both interactive or web mode. In the first case, ntop displays the network status on the user’s terminal whereas in web mode a web browser (e.g. netscape) can attach to ntop (that acts as a web server) and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. ntop uses libpcap, a system-independent interface for user-level packet capture."
desc['oclgausscrack'] = "The goal of the program is to crack the verification hash of the encrypted payload of the Gauss Virus. Uses OpenCL to accelerate the 10k MD5 loop Uses optimizations also used in oclHashcat-plus for maximum performance Able to handle multi-GPU setups (of the same type) VCL (Virtual CL) v1.18 compatible Open Source Supports integration into distributed computing environments Supports resume. The program is to crack the verification hash of the encrypted payload of the Gauss Virus."
desc['ohrwurm'] = "ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones."
desc['ollydbg'] = "OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable."
desc['oscanner'] = "Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins. The results are given in a graphical java tree."
desc['p0f'] = "P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP)."
desc['pack'] = "PACK was developed in order to aid in a password cracking competition “Crack Me If You Can” that occurred during Defcon 2010. The goal of this toolkit is to aid in preparation for the “better than bruteforce” password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for tools such as oclHashcat. NOTE: This tool itself can not crack passwords, but helps other tools crack more passwords faster."
desc['padbuster'] = "PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, and perform automated response analysis to determine whether a request is vulnerable to padding oracle attacks."
desc['paros'] = "A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc. Lightweight web application testing proxy."
desc['parsero'] = "Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn’t be indexed. For example, “Disallow: /portal/login” means that the content on www.example.com/portal/login it’s not allowed to be indexed by crawlers like Google, Bing, Yahoo…"
desc['patator'] = "Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage."
desc['pdf-parser'] = "This tool will parse a PDF document to identify the fundamental elements used in the analyzed file. It will not render a PDF document."
desc['pdfid'] = "This tool is not a PDF parser, but it will scan a file to look for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened. PDFiD will also handle name obfuscation. The idea is to use this tool first to triage PDF documents, and then analyze the suspicious ones with my pdf-parser."
desc['pdgmail'] = "Python script to gather gmail artifacts from a pd process memory dump. It’ll find what it can out of the memory image including contacts, emails, last acccess times, IP addresses etc."
desc['peepdf'] = "peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it’s possible to see all the objects in the document showing the suspicious elements, supports the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files."
desc['phrasendrescher'] = "phrasen|drescher (p|d) is a modular and multi processing pass phrase cracking tool. It comes with a number of plugins but a simple plugin API allows an easy development of new plugins."
desc['pipal'] = "All this tool does is to give you the stats and the information to help you analyse the passwords. The real work is done by you in interpreting the results. Analyze and display the top 5 passwords (-t 5), using the given file as input (/usr/share/wordlists/nmap.lst)."
desc['pixiewps'] = "Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack)."
desc['plecost'] = "WordPress finger printer tool, plecost search and retrieve information about the plugins versions installed in WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there. Plecost retrieves the information contained on Web sites supported by WordPress, and also allows a search on the results indexed by Google."
desc['polenum'] = "polenum is a python script which uses the Impacket Library from CORE Security Technologies to extract the password policy information from a windows machine. This allows a non-windows (Linux, Mac OSX, BSD etc..) user to query the password policy of a remote windows box without the need to have access to a windows machine."
desc['powerfuzzer'] = "Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working."
desc['powersploit'] = "PowerSploit is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests."
desc['protos-sip'] = "The purpose of this test-suite is to evaluate implementation level security and robustness of Session Initiation Protocol (SIP) implementations."
desc['proxystrike'] = "ProxyStrike is an active Web Application Proxy. It’s a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy. Right now it has available Sql injection and XSS plugins. Both plugins are designed to catch as many vulnerabilities as we can, it’s that why the SQL Injection plugin is a Python port of the great DarkRaver “Sqlibf”. The process is very simple, ProxyStrike runs like a proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active. :). Some features:. An active Web Application Proxy. ."
desc['pwnat'] = "pwnat, pronounced “poe-nat”, is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other."
desc['rcracki-mt'] = "rcracki_mt is a modified version of rcrack which supports hybrid and indexed tables. In addition to that, it also adds multi-core support."
desc['reaver'] = "Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP’s plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP."
desc['rebind'] = "Rebind is a tool that implements the multiple A record DNS rebinding attack. Although this tool was originally written to target home routers, it can be used to target any public (non RFC1918) IP address. Rebind provides an external attacker access to a target router’s internal Web interface. This tool works on routers that implement the weak end system model in their IP stack, have specifically configured firewall rules, and who bind their Web service to the router’s WAN interface. Note that remote administration does not need to be enabled for this attack to work. All that is required is that a user inside the target network surf to a Web site that is controlled, or has been compromised, by the attacker."
desc['recon-ng'] = "Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, us the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information. Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the “module” class. The “module” class is a customized “cmd” interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys."
desc['redfang'] = "RedFang is a small proof-of-concept application to find non discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name(). Scan the given range (-r 00803789EE76-00803789EEff) and discover Bluetooth devices (-s):."
desc['regripper'] = "RegRipper is an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis. RegRipper consists of two basic tools, both of which provide similar capability. The RegRipper GUI allows the analyst to select a hive to parse, an output file for the results, and a profile (list of plugins) to run against the hive. When the analyst launches the tool against the hive, the results go to the file that the analyst designated. If the analyst chooses to parse the System hive, they might also choose to send the results to system.txt. The GUI tool will also create a log of it’s activity in the same directory as the output file, using the same file name but using the .log extension (i.e., if the output is written to system.txt, the log will be written to system.log). RegRipper also includes a command line (CLI) tool called rip. Rip can be pointed against to a hive and can run either a profile (a list of plugins) or an individual plugin against that hive, with the results being sent to STDOUT."
desc['responder'] = "This tool is first an LLMNR and NBT-NS responder, it will answer to *specific* NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool will only answers to File Server Service request, which is for SMB. The concept behind this, is to target our answers, and be stealthier on the network. This also helps to ensure that we don’t break legitimate NBT-NS behavior. You can set the -r option to 1 via command line if you want this tool to answer to the Workstation Service request name suffix. Specify the IP address to redirect to (-i 192.168.1.202), enabling the WPAD rogue proxy (-w On), answers for netbios wredir (-r On), and fingerprinting (-f On):."
desc['ridenum'] = "Rid Enum is a RID cycling attack that attempts to enumerate user accounts through null sessions and the SID to RID enum. If you specify a password file, it will automatically attempt to brute force the user accounts when its finished enumerating. Connect to the remote server (192.168.1.236) and cycle from RID 500 to 50000 (500 50000), using the given password file (/tmp/passes.txt):."
desc['rsmangler'] = "RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper the main difference being that it will first take the input words and generate all permutations and the acronym of the words (in order they appear in the file) before it applies the rest of the mangles. Use the original wordlist (cat words.txt |) and mangle words with a minimum length of 6 (-m 6) and maximum length of 8 (-x 8), using stdin as input (–file -) and redirecting the results to a new wordlist (> mangled.txt):."
desc['rtlsdr-scanner'] = "A cross platform Python frequency scanning GUI for USB TV dongles, using the OsmoSDR rtl-sdr library. In other words a cheap, simple Spectrum Analyser. The scanner attempts to overcome the tuner’s frequency response by averaging scans from both the positive and negative frequency offets of the baseband data."
desc['rtpbreak'] = "With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn’t require the presence of RTCP packets and works independently form the used signaling protocol (SIP, H.323, SCCP, …). The input is a sequence of packets, the output is a set of files you can use as input for other tools (wireshark/tshark, sox, grep/awk/cut/ cat/sed, …). It supports also wireless (AP_DLT_IEEE802_11) networks. Analyze RTP traffic using interface eth0 (-i eth0), fill in gaps (-g), sniff in promiscuous mode (-m), and save to the given directory (-d rtplog):."
desc['rtpflood'] = "A command line tool used to flood any device that is processing RTP. Flood from the source IP (192.168.1.202) to the target IP (192.168.1.1) with source port 5060 (5060) and destination port 5061 (5061) using 1000 packets (1000) with the specified sequence number (3), timestamp (123456789), and SSID (kali):."
desc['rtpinsertsound'] = "A tool to insert audio into a specified audio (i.e. RTP) stream was created in the August – September 2006 timeframe. The tool is named rtpinsertsound. It was tested on a Linux Red Hat Fedora Core 4 platform (Pentium IV, 2.5 GHz), but it is expected this tool will successfully build and execute on a variety of Linux distributions."
desc['rtpmixsound'] = "A tool to mix pre-recorded audio in real-time with the audio (i.e. RTP) in the specified target audio stream. Mix the given audio file (/usr/share/rtpmixsound/stapler.wav) through the network."
desc['sbd'] = "sbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features AES-CBC-128 + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. sbd supports TCP/IP communication only. On the server, listen for a connection (-l) on port 4444 (-p 4444), execute bash on connection (-e bash) and display verbose output (-v) with no name resolution (-n). On the client, connect to the remote server IP address (192.168.1.202) and port (4444)."
desc['sctpscan'] = "SCTPscan is a tool to scan SCTP enabled machines. Typically, these are Telecom oriented machines carrying SS7 and SIGTRAN over IP. Using SCTPscan, you can find entry points to Telecom networks. This is especially useful when doing pentests on Telecom Core Network infrastructures. SCTP is also used in high-performance networks (internet2)."
desc['set'] = "The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time."
desc['sfuzz'] = "simple fuzz is exactly what it sounds like – a simple fuzzer. don’t mistake simple with a lack of fuzz capability. this fuzzer has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. simple fuzz is built to fill a need – the need for a quickly configurable black box testing utility that doesn’t require intimate knowledge of the inner workings of C or require specialized software rigs. the aim is to just provide a simple interface, clear inputs/outputs, and reusability."
desc['shellnoob'] = "Writing shellcodes has always been super fun, but some parts are extremely boring and error prone. Focus only on the fun part, and use ShellNoob!"
desc['sidguesser'] = "Guesses sids/instances against an Oracle database according to a predefined dictionary file. The speed is slow (80-100 guesses per second) but it does the job."
desc['siparmyknife'] = "SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more."
desc['sipp'] = "SIPp is a free Open Source test tool / traffic generator for the SIP protocol. It includes a few basic SipStone user agent scenarios (UAC and UAS) and establishes and releases multiple calls with the INVITE and BYE methods. It can also reads custom XML scenario files describing from very simple to complex call flows. It features the dynamic display of statistics about running tests (call rate, round trip delay, and message statistics), periodic CSV statistics dumps, TCP and UDP over multiple sockets or multiplexed with retransmission management and dynamically adjustable call rates. Other advanced features include support of IPv6, TLS, SCTP, SIP authentication, conditional scenarios, UDP retransmissions, error robustness (call timeout, protocol defense), call specific variable, Posix regular expression to extract and re-inject any protocol fields, custom actions (log, system command exec, call stop) on message receive, field injection from external CSV file to emulate live users."
desc['sipvicious'] = "SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:. svmap – this is a sip scanner. Lists SIP devices found on an IP range svwar – identifies active extensions on a PBX svcrack – an online password cracker for SIP PBX svreport – manages sessions and exports reports to various formats svcrash – attempts to stop unauthorized svwar and svcrack scans."
desc['skipfish'] = "Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments."
desc['slowhttptest'] = "SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on majority of Linux platforms, OSX and Cygwin – a Unix-like environment and command-line interface for Microsoft Windows. It implements most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well as Apache Range Header attack by causing very significant memory and CPU usage on the server. Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server."
desc['smali'] = "smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android’s Java VM implementation. The syntax is loosely based on Jasmin’s/dedexer’s syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)."
desc['smtp-user-enum'] = "smtp-user-enum is a tool for enumerating OS-level user accounts on Solaris via the SMTP service (sendmail). Enumeration is performed by inspecting the responses to VRFY, EXPN and RCPT TO commands. It could be adapted to work against other vulnerable SMTP daemons, but this hasn’t been done as of v1.0."
desc['sniffjoke'] = "SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifyng and inject fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer)."
desc['spooftooph'] = "Spooftooph is designed to automate spoofing or cloning Bluetooth device information. Make a Bluetooth device hide in plain site."
desc['sqldict'] = "SQLdict is a dictionary attack tool for SQL Server."
desc['sqlmap'] = "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections."
desc['sqlninja'] = "Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!. Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered."
desc['sqlsus'] = "sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more… Whenever relevant, sqlsus will mimic a MySQL console output. sqlsus focuses on speed and efficiency, optimizing the available injection space, making the best use (I can think of) of MySQL functions. It uses stacked subqueries and an powerful blind injection algorithm to maximize the data gathered per web server hit. Using multi-threading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection. If the privileges are high enough, sqlsus will be a great help for uploading a backdoor through the injection point, and takeover the web server."
desc['sslcaudit'] = "The goal of sslcaudit project is to develop a utility to automate testing SSL/TLS clients for resistance against MITM attacks. It might be useful for testing a thick client, a mobile application, an appliance, pretty much anything communicating over SSL/TLS over TCP."
desc['sslsplit'] = "SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing. SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones."
desc['sslstrip'] = "sslstrip is a tool that transparently hijacks HTTP traffic on a network, watch for HTTPS links and redirects, and then map those links into look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial."
desc['sslyze'] = "SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers."
desc['statsprocessor'] = "Statsprocessor is a high-performance word-generator based on per-position markov-attack packed into a single stand-alone binary."
desc['t50'] = "Multi-protocol packet injector tool for *nix systems, actually supporting 15 protocols. Features: – Flooding – CIDR support – TCP, UDP, ICMP, IGMPv2, IGMPv3, EGP, DCCP, RSVP, RIPv1, RIPv2, GRE, ESP, AH, EIGRP and OSPF support."
desc['termineter'] = "Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface."
desc['thc-ipv6'] = "A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library."
desc['thc-pptp-bruter'] = "Brute force program against pptp vpn endpoints (tcp port 1723). Fully standalone. Supports latest MSChapV2 authentication. Tested against Windows and Cisco gateways. Exploits a weakness in Microsoft’s anti-brute force implementation which makes it possible to try 300 passwords the second."
desc['thc-ssl-dos'] = "THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed."
desc['theharvester'] = "The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization."
desc['tlssled'] = "TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the “openssl s_client” command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities."
desc['tnscmd10g'] = "A tool to prod the oracle tnslsnr process on port 1521/tcp."
desc['truecrack'] = "TrueCrack is a brute-force password cracker for TrueCrypt volumes. It works on Linux and it is optimized for Nvidia Cuda technology."
desc['twofi'] = "When attempting to crack passwords custom word lists are very useful additions to standard dictionaries. An interesting idea originally released on the “7 Habits of Highly Effective Hackers” blog was to use Twitter to help generate those lists based on searches for keywords related to the list that is being cracked. This idea has been expanded into twofi which will take multiple search terms and return a word list sorted by most common first."
desc['u3-pwn'] = "U3-Pwn is a tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install. This is performed by removing the original iso file from the device and creating a new iso with autorun features."
desc['ua-tester'] = "This tool is designed to automatically check a given URL using a list of standard and non-standard User Agent strings provided by the user (1 per line). The results of these checks are then reported to the user for further manual analysis where required."
desc['uniscan'] = "Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner."
desc['unix-privesc-check'] = "Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed)."
desc['urlcrazy'] = "Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage."
desc['valgrind'] = "Valgrind is a system for debugging and profiling Linux programs. With its tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting and making your programs more stable. You can also perform detailed profiling to help speed up your programs and use Valgrind to build new tools"
desc['vega'] = "Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities."
desc['voiphopper'] = "VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. This requires two important steps in order for the tool to traverse VLANs for unauthorized access.  First,  discovery of the correct 12 bit Voice VLAN ID (VVID) used by the IP Phones is required.  VoIP Hopper supports multiple protocol discovery methods (CDP, DHCP, LLDP-MED, 802.1q ARP) for this important first step. Second, the tool creates a virtual VoIP ethernet interface on the OS.  It then inserts a spoofed 4-byte 802.1q vlan header containing the 12 bit VVID into a spoofed DHCP request.  Once it receives an IP address in the VoIP VLAN subnet, all subsequent ethernet frames are “tagged” with the spoofed 802.1q header.  VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security."
desc['volatility'] = "The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research. Volatility supports memory dumps from all major 32- and 64-bit Windows versions and service packs including XP, 2003 Server, Vista, Server 2008, Server 2008 R2, and Seven. Whether your memory dump is in raw format, a Microsoft crash dump, hibernation file, or virtual machine snapshot, Volatility is able to work with it. We also now support Linux memory dumps in raw or LiME format and include 35+ plugins for analyzing 32- and 64-bit Linux kernels from 2.6.11 – 3.5.x and distributions such as Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and Mandrake."
desc['w3af'] = "w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a graphical user interface (GUI) for the framework. If you want a command-line application only, install w3af-console. The framework has been called the “metasploit for the web”, but it’s actually much more than that, because it also discovers the web application vulnerabilities using black-box scanning techniques."
desc['webscarab'] = "WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented."
desc['webshag'] = "Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated (e.g. use a different random per request HTTP proxy server)."
desc['webshells'] = "A collection of webshells for ASP, ASPX, CFM, JSP, Perl, and PHP servers."
desc['webslayer'] = "Webslayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts,files, etc), brute force GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. The tools has a payload generator and an easy and powerful results analyzer."
desc['weevely'] = "Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones."
desc['wfuzz'] = "Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc."
desc['wifi-honey'] = "This script creates five monitor mode interfaces, four are used as APs and the fifth is used for airodump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which. Broadcast the given ESSID (FreeWiFi) on channel 6 (6) using the wireless interface (wlan0):."
desc['wifitap'] = "Wifitap is a proof of concept for communication over WiFi networks using traffic injection. Wifitap allows any application do send and receive IP packets using 802.11 traffic capture and injection over a WiFi network simply configuring wj0, which means :. In particular, it’s a cheap method for arbitrary packets injection in 802.11 frames without specific library. In addition, it will allow one to get rid of any limitation set at access point level, such as bypassing inter-client communications prevention systems (e.g. Cisco PSPF) or reaching multiple SSID handled by the same access point."
desc['wifite'] = "To attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool."
desc['wireshark'] = "Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe."
desc['wol-e'] = "WOL-E is a suite of tools for the Wake on LAN feature of network attached computers, this is now enabled by default on many Apple computers."
desc['wordlists'] = "This package contains the rockyou wordlist and contains symlinks to a number of other password files present in the Kali Linux distribution. This package has an installation size of 134 MB."
desc['wpscan'] = "WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Scan a target WordPress URL and enumerate any plugins that are installed:."
desc['xplico'] = "The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer. Use the rltm module (-m rltm) and analyze traffic on interface eth0."
desc['xspy'] = "Sniffs keystrokes on remote or local X-Windows servers."
desc['xsser'] = "Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection. ."
desc['yara'] = "With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a boolean expression which determines its logic. This package contains the command-line interface."
desc['yersinia'] = "Yersinia is a framework for performing layer 2 attacks. It is designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems."
desc['zaproxy'] = "The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox."


links = {}
links['acccheck'] = "http://tools.kali.org/information-gathering/acccheck"
links['ace-voip'] = "http://tools.kali.org/information-gathering/ace-voip"
links['aircrack-ng'] = "http://tools.kali.org/wireless-attacks/aircrack-ng"
links['amap'] = "http://tools.kali.org/information-gathering/amap"
links['android-sdk'] = "http://tools.kali.org/hardware-hacking/android-sdk"
links['apache-users'] = "http://tools.kali.org/web-applications/apache-users"
links['apktool'] = "http://tools.kali.org/reverse-engineering/apktool"
links['arachni'] = "http://tools.kali.org/web-applications/arachni"
links['arduino'] = "http://tools.kali.org/hardware-hacking/arduino"
links['armitage'] = "http://tools.kali.org/exploitation-tools/armitage"
links['asleap'] = "http://tools.kali.org/wireless-attacks/asleap"
links['automater'] = "http://tools.kali.org/information-gathering/automater"
links['backdoor-factory'] = "http://tools.kali.org/exploitation-tools/backdoor-factory"
links['bbqsql'] = "http://tools.kali.org/vulnerability-analysis/bbqsql"
links['bed'] = "http://tools.kali.org/vulnerability-analysis/bed"
links['beef'] = "http://tools.kali.org/exploitation-tools/beef-xss"
links['bing-ip2hosts'] = "http://tools.kali.org/information-gathering/bing-ip2hosts"
links['binwalk'] = "http://tools.kali.org/forensics/binwalk"
links['blindelephant'] = "http://tools.kali.org/web-applications/blindelephant"
links['bluelog'] = "http://tools.kali.org/wireless-attacks/bluelog"
links['bluemaho'] = "http://tools.kali.org/wireless-attacks/bluemaho"
links['bluepot'] = "http://tools.kali.org/wireless-attacks/bluepot"
links['blueranger'] = "http://tools.kali.org/wireless-attacks/blueranger"
links['bluesnarfer'] = "http://tools.kali.org/wireless-attacks/bluesnarfer"
links['braa'] = "http://tools.kali.org/information-gathering/braa"
links['bulk-extractor'] = "http://tools.kali.org/forensics/bulk-extractor"
links['bully'] = "http://tools.kali.org/wireless-attacks/bully"
links['burp-suite'] = "http://tools.kali.org/web-applications/burpsuite"
links['capstone'] = "http://tools.kali.org/forensics/capstone"
links['casefile'] = "http://tools.kali.org/information-gathering/casefile"
links['cdpsnarf'] = "http://tools.kali.org/information-gathering/cdpsnarf"
links['cewl'] = "http://tools.kali.org/password-attacks/cewl"
links['chntpw'] = "http://tools.kali.org/password-attacks/chntpw"
links['cisco-auditing-tool'] = "http://tools.kali.org/vulnerability-analysis/cisco-auditing-tool"
links['cisco-global-exploiter'] = "http://tools.kali.org/vulnerability-analysis/cisco-global-exploiter"
links['cisco-ocs'] = "http://tools.kali.org/vulnerability-analysis/cisco-ocs"
links['cisco-torch'] = "http://tools.kali.org/information-gathering/cisco-torch"
links['cmospwd'] = "http://tools.kali.org/password-attacks/cmospwd"
links['commix'] = "http://tools.kali.org/exploitation-tools/commix"
links['cookie-cadger'] = "http://tools.kali.org/information-gathering/cookie-cadger"
links['copy-router-config'] = "http://tools.kali.org/information-gathering/copy-router-config"
links['cowpatty'] = "http://tools.kali.org/wireless-attacks/cowpatty"
links['crackle'] = "http://tools.kali.org/wireless-attacks/crackle"
links['creddump'] = "http://tools.kali.org/password-attacks/creddump"
links['crunch'] = "http://tools.kali.org/password-attacks/crunch"
links['cryptcat'] = "http://tools.kali.org/maintaining-access/cryptcat"
links['cuckoo'] = "http://tools.kali.org/forensics/cuckoo"
links['cutycapt'] = "http://tools.kali.org/web-applications/cutycapt"
links['cymothoa'] = "http://tools.kali.org/maintaining-access/cymothoa"
links['davtest'] = "http://tools.kali.org/web-applications/davtest"
links['dbd'] = "http://tools.kali.org/maintaining-access/dbd"
links['dbpwaudit'] = "http://tools.kali.org/vulnerability-analysis/dbpwaudit"
links['dc3dd'] = "http://tools.kali.org/forensics/dc3dd"
links['ddrescue'] = "http://tools.kali.org/forensics/ddrescue"
links['deblaze'] = "http://tools.kali.org/web-applications/deblaze"
links['dex2jar'] = "http://tools.kali.org/reverse-engineering/dex2jar"
links['dff'] = "http://tools.kali.org/forensics/dff"
links['dhcpig'] = "http://tools.kali.org/stress-testing/dhcpig"
links['dirb'] = "http://tools.kali.org/web-applications/dirb"
links['dirbuster'] = "http://tools.kali.org/web-applications/dirbuster"
links['distorm3'] = "http://tools.kali.org/reverse-engineering/distorm3"
links['dmitry'] = "http://tools.kali.org/information-gathering/dmitry"
links['dnmap'] = "http://tools.kali.org/information-gathering/dnmap"
links['dns2tcp'] = "http://tools.kali.org/maintaining-access/dns2tcp"
links['dnschef'] = "http://tools.kali.org/sniffingspoofing/dnschef"
links['dnsenum'] = "http://tools.kali.org/information-gathering/dnsenum"
links['dnsmap'] = "http://tools.kali.org/information-gathering/dnsmap"
links['dnsrecon'] = "http://tools.kali.org/information-gathering/dnsrecon"
links['dnstracer'] = "http://tools.kali.org/information-gathering/dnstracer"
links['dnswalk'] = "http://tools.kali.org/information-gathering/dnswalk"
links['doona'] = "http://tools.kali.org/vulnerability-analysis/doona"
links['dos2unix'] = "http://tools.kali.org/reporting-tools/dos2unix"
links['dotdotpwn'] = "http://tools.kali.org/information-gathering/dotdotpwn"
links['dradis'] = "http://tools.kali.org/reporting-tools/dradis"
links['dumpzilla'] = "http://tools.kali.org/forensics/dumpzilla"
links['eapmd5pass'] = "http://tools.kali.org/wireless-attacks/eapmd5pass"
links['edb-debugger'] = "http://tools.kali.org/reverse-engineering/edb-debugger"
links['enum4linux'] = "http://tools.kali.org/information-gathering/enum4linux"
links['enumiax'] = "http://tools.kali.org/information-gathering/enumiax"
links['exploitdb'] = "http://tools.kali.org/exploitation-tools/exploitdb"
links['extundelete'] = "http://tools.kali.org/forensics/extundelete"
links['faraday'] = "http://tools.kali.org/information-gathering/faraday"
links['fern-wifi-cracker'] = "http://tools.kali.org/wireless-attacks/fern-wifi-cracker"
links['fierce'] = "http://tools.kali.org/information-gathering/fierce"
links['fiked'] = "http://tools.kali.org/sniffingspoofing/fiked"
links['fimap'] = "http://tools.kali.org/web-applications/fimap"
links['findmyhash'] = "http://tools.kali.org/password-attacks/findmyhash"
links['firewalk'] = "http://tools.kali.org/information-gathering/firewalk"
links['foremost'] = "http://tools.kali.org/forensics/foremost"
links['fragroute'] = "http://tools.kali.org/information-gathering/fragroute"
links['fragrouter'] = "http://tools.kali.org/information-gathering/fragrouter"
links['funkload'] = "http://tools.kali.org/web-applications/funkload"
links['galleta'] = "http://tools.kali.org/forensics/galleta"
links['ghost-phisher'] = "http://tools.kali.org/information-gathering/ghost-phisher"
links['giskismet'] = "http://tools.kali.org/wireless-attacks/giskismet"
links['gobuster'] = "http://tools.kali.org/web-applications/gobuster"
links['golismero'] = "http://tools.kali.org/information-gathering/golismero"
links['goofile'] = "http://tools.kali.org/information-gathering/goofile"
links['gpp-decrypt'] = "http://tools.kali.org/password-attacks/gpp-decrypt"
links['gqrx'] = "http://tools.kali.org/wireless-attacks/gqrx"
links['gr-scan'] = "http://tools.kali.org/wireless-attacks/gr-scan"
links['grabber'] = "http://tools.kali.org/web-applications/grabber"
links['guymager'] = "http://tools.kali.org/forensics/guymager"
links['hamster-sidejack'] = "http://tools.kali.org/sniffingspoofing/hamster-sidejack"
links['hash-identifier'] = "http://tools.kali.org/password-attacks/hash-identifier"
links['hexinject'] = "http://tools.kali.org/sniffingspoofing/hexinject"
links['hexorbase'] = "http://tools.kali.org/vulnerability-analysis/hexorbase"
links['hostapd-wpe'] = "http://tools.kali.org/wireless-attacks/hostapd-wpe"
links['hping3'] = "http://tools.kali.org/information-gathering/hping3"
links['http-tunnel'] = "http://tools.kali.org/maintaining-access/http-tunnel"
links['httptunnel'] = "http://tools.kali.org/maintaining-access/httptunnel"
links['iaxflood'] = "http://tools.kali.org/sniffingspoofing/iaxflood"
links['ident-user-enum'] = "http://tools.kali.org/information-gathering/ident-user-enum"
links['inguma'] = "http://tools.kali.org/vulnerability-analysis/inguma"
links['intersect'] = "http://tools.kali.org/maintaining-access/intersect"
links['intrace'] = "http://tools.kali.org/information-gathering/intrace"
links['inundator'] = "http://tools.kali.org/stress-testing/inundator"
links['inviteflood'] = "http://tools.kali.org/sniffingspoofing/inviteflood"
links['iphone-backup-analyzer'] = "http://tools.kali.org/forensics/iphone-backup-analyzer"
links['ipv6-toolkit'] = "http://tools.kali.org/stress-testing/ipv6-toolkit"
links['ismtp'] = "http://tools.kali.org/information-gathering/ismtp"
links['isr-evilgrade'] = "http://tools.kali.org/sniffingspoofing/isr-evilgrade"
links['jad'] = "http://tools.kali.org/reverse-engineering/jad"
links['javasnoop'] = "http://tools.kali.org/reverse-engineering/javasnoop"
links['jboss-autopwn'] = "http://tools.kali.org/web-applications/jboss-autopwn"
links['jd-gui'] = "http://tools.kali.org/reverse-engineering/jd-gui"
links['john-the-ripper'] = "http://tools.kali.org/password-attacks/john"
links['johnny'] = "http://tools.kali.org/password-attacks/johnny"
links['joomscan'] = "http://tools.kali.org/web-applications/joomscan"
links['jsql'] = "http://tools.kali.org/vulnerability-analysis/jsql"
links['kalibrate-rtl'] = "http://tools.kali.org/wireless-attacks/kalibrate-rtl"
links['keepnote'] = "http://tools.kali.org/reporting-tools/keepnote"
links['keimpx'] = "http://tools.kali.org/password-attacks/keimpx"
links['killerbee'] = "http://tools.kali.org/wireless-attacks/killerbee"
links['kismet'] = "http://tools.kali.org/wireless-attacks/kismet"
links['lbd'] = "http://tools.kali.org/information-gathering/lbd"
links['linux-exploit-suggester'] = "http://tools.kali.org/exploitation-tools/linux-exploit-suggester"
links['lynis'] = "http://tools.kali.org/vulnerability-analysis/lynis"
links['magictree'] = "http://tools.kali.org/reporting-tools/magictree"
links['maltego-teeth'] = "http://tools.kali.org/information-gathering/maltego-teeth"
links['maskprocessor'] = "http://tools.kali.org/password-attacks/maskprocessor"
links['masscan'] = "http://tools.kali.org/information-gathering/masscan"
links['mdk3'] = "http://tools.kali.org/wireless-attacks/mdk3"
links['metagoofil'] = "http://tools.kali.org/information-gathering/metagoofil"
links['metasploit-framework'] = "http://tools.kali.org/exploitation-tools/metasploit-framework"
links['mfcuk'] = "http://tools.kali.org/wireless-attacks/mfcuk"
links['mfoc'] = "http://tools.kali.org/wireless-attacks/mfoc"
links['mfterm'] = "http://tools.kali.org/wireless-attacks/mfterm"
links['miranda'] = "http://tools.kali.org/information-gathering/miranda"
links['mitmproxy'] = "http://tools.kali.org/sniffingspoofing/mitmproxy"
links['multiforcer'] = "http://tools.kali.org/password-attacks/multiforcer"
links['multimon-ng'] = "http://tools.kali.org/wireless-attacks/multimon-ng"
links['nbtscan-unixwiz'] = "http://tools.kali.org/information-gathering/nbtscan-unixwiz"
links['ncrack'] = "http://tools.kali.org/password-attacks/ncrack"
links['nipper-ng'] = "http://tools.kali.org/reporting-tools/nipper-ng"
links['nishang'] = "http://tools.kali.org/maintaining-access/nishang"
links['nmap'] = "http://tools.kali.org/information-gathering/nmap"
links['ntop'] = "http://tools.kali.org/information-gathering/ntop"
links['oclgausscrack'] = "http://tools.kali.org/password-attacks/oclgausscrack"
links['ohrwurm'] = "http://tools.kali.org/vulnerability-analysis/ohrwurm"
links['ollydbg'] = "http://tools.kali.org/reverse-engineering/ollydbg"
links['oscanner'] = "http://tools.kali.org/vulnerability-analysis/oscanner"
links['p0f'] = "http://tools.kali.org/information-gathering/p0f"
links['pack'] = "http://tools.kali.org/password-attacks/pack"
links['padbuster'] = "http://tools.kali.org/web-applications/padbuster"
links['paros'] = "http://tools.kali.org/web-applications/paros"
links['parsero'] = "http://tools.kali.org/information-gathering/parsero"
links['patator'] = "http://tools.kali.org/password-attacks/patator"
links['pdf-parser'] = "http://tools.kali.org/forensics/pdf-parser"
links['pdfid'] = "http://tools.kali.org/forensics/pdfid"
links['pdgmail'] = "http://tools.kali.org/forensics/pdgmail"
links['peepdf'] = "http://tools.kali.org/forensics/peepdf"
links['phrasendrescher'] = "http://tools.kali.org/password-attacks/phrasendrescher"
links['pipal'] = "http://tools.kali.org/reporting-tools/pipal"
links['pixiewps'] = "http://tools.kali.org/wireless-attacks/pixiewps"
links['plecost'] = "http://tools.kali.org/web-applications/plecost"
links['polenum'] = "http://tools.kali.org/password-attacks/polenum"
links['powerfuzzer'] = "http://tools.kali.org/vulnerability-analysis/powerfuzzer"
links['powersploit'] = "http://tools.kali.org/maintaining-access/powersploit"
links['protos-sip'] = "http://tools.kali.org/sniffingspoofing/protos-sip"
links['proxystrike'] = "http://tools.kali.org/web-applications/proxystrike"
links['pwnat'] = "http://tools.kali.org/maintaining-access/pwnat"
links['rainbowcrack'] = "http://tools.kali.org/password-attacks/rainbowcrack"
links['rcracki-mt'] = "http://tools.kali.org/password-attacks/rcracki-mt"
links['reaver'] = "http://tools.kali.org/wireless-attacks/reaver"
links['rebind'] = "http://tools.kali.org/sniffingspoofing/rebind"
links['recon-ng'] = "http://tools.kali.org/information-gathering/recon-ng"
links['redfang'] = "http://tools.kali.org/wireless-attacks/redfang"
links['regripper'] = "http://tools.kali.org/forensics/regripper"
links['responder'] = "http://tools.kali.org/sniffingspoofing/responder"
links['ridenum'] = "http://tools.kali.org/maintaining-access/ridenum"
links['routersploit'] = "http://tools.kali.org/exploitation-tools/routersploit"
links['rsmangler'] = "http://tools.kali.org/password-attacks/rsmangler"
links['rtlsdr-scanner'] = "http://tools.kali.org/wireless-attacks/rtlsdr-scanner"
links['rtpbreak'] = "http://tools.kali.org/sniffingspoofing/rtpbreak"
links['rtpflood'] = "http://tools.kali.org/stress-testing/rtpflood"
links['rtpinsertsound'] = "http://tools.kali.org/sniffingspoofing/rtpinsertsound"
links['rtpmixsound'] = "http://tools.kali.org/sniffingspoofing/rtpmixsound"
links['sakis3g'] = "http://tools.kali.org/hardware-hacking/sakis3g"
links['sbd'] = "http://tools.kali.org/maintaining-access/sbd"
links['sctpscan'] = "http://tools.kali.org/sniffingspoofing/sctpscan"
links['set'] = "http://tools.kali.org/information-gathering/set"
links['sfuzz'] = "http://tools.kali.org/vulnerability-analysis/sfuzz"
links['shellnoob'] = "http://tools.kali.org/exploitation-tools/shellnoob"
links['sidguesser'] = "http://tools.kali.org/vulnerability-analysis/sidguesser"
links['siparmyknife'] = "http://tools.kali.org/vulnerability-analysis/siparmyknife"
links['sipp'] = "http://tools.kali.org/sniffingspoofing/sipp"
links['sipvicious'] = "http://tools.kali.org/sniffingspoofing/sipvicious"
links['skipfish'] = "http://tools.kali.org/web-applications/skipfish"
links['slowhttptest'] = "http://tools.kali.org/stress-testing/slowhttptest"
links['smali'] = "http://tools.kali.org/reverse-engineering/smali"
links['smtp-user-enum'] = "http://tools.kali.org/information-gathering/smtp-user-enum"
links['sniffjoke'] = "http://tools.kali.org/sniffingspoofing/sniffjoke"
links['snmp-check'] = "http://tools.kali.org/information-gathering/snmp-check"
links['sparta'] = "http://tools.kali.org/information-gathering/sparta"
links['spooftooph'] = "http://tools.kali.org/wireless-attacks/spooftooph"
links['sqldict'] = "http://tools.kali.org/password-attacks/sqldict"
links['sqlmap'] = "http://tools.kali.org/vulnerability-analysis/sqlmap"
links['sqlninja'] = "http://tools.kali.org/vulnerability-analysis/sqlninja"
links['sqlsus'] = "http://tools.kali.org/vulnerability-analysis/sqlsus"
links['sslcaudit'] = "http://tools.kali.org/information-gathering/sslcaudit"
links['sslsplit'] = "http://tools.kali.org/information-gathering/sslsplit"
links['sslstrip'] = "http://tools.kali.org/information-gathering/sslstrip"
links['sslyze'] = "http://tools.kali.org/information-gathering/sslyze"
links['statsprocessor'] = "http://tools.kali.org/password-attacks/statsprocessor"
links['t50'] = "http://tools.kali.org/stress-testing/t50"
links['termineter'] = "http://tools.kali.org/stress-testing/termineter"
links['thc-hydra'] = "http://tools.kali.org/password-attacks/hydra"
links['thc-ipv6'] = "http://tools.kali.org/information-gathering/thc-ipv6"
links['thc-pptp-bruter'] = "http://tools.kali.org/password-attacks/thc-pptp-bruter"
links['thc-ssl-dos'] = "http://tools.kali.org/stress-testing/thc-ssl-dos"
links['theharvester'] = "http://tools.kali.org/information-gathering/theharvester"
links['tlssled'] = "http://tools.kali.org/information-gathering/tlssled"
links['tnscmd10g'] = "http://tools.kali.org/vulnerability-analysis/tnscmd10g"
links['truecrack'] = "http://tools.kali.org/password-attacks/truecrack"
links['twofi'] = "http://tools.kali.org/information-gathering/twofi"
links['u3-pwn'] = "http://tools.kali.org/maintaining-access/u3-pwn"
links['ua-tester'] = "http://tools.kali.org/web-applications/ua-tester"
links['uniscan'] = "http://tools.kali.org/web-applications/uniscan"
links['unix-privesc-check'] = "http://tools.kali.org/vulnerability-analysis/unix-privesc-check"
links['urlcrazy'] = "http://tools.kali.org/information-gathering/urlcrazy"
links['valgrind'] = "http://tools.kali.org/reverse-engineering/valgrind"
links['vega'] = "http://tools.kali.org/web-applications/vega"
links['voiphopper'] = "http://tools.kali.org/sniffingspoofing/voiphopper"
links['volatility'] = "http://tools.kali.org/forensics/volatility"
links['w3af'] = "http://tools.kali.org/web-applications/w3af"
links['webscarab'] = "http://tools.kali.org/web-applications/webscarab"
links['webshag'] = "http://tools.kali.org/web-applications/webshag"
links['webshells'] = "http://tools.kali.org/maintaining-access/webshells"
links['webslayer'] = "http://tools.kali.org/web-applications/webslayer"
links['websploit'] = "http://tools.kali.org/web-applications/websploit"
links['weevely'] = "http://tools.kali.org/maintaining-access/weevely"
links['wfuzz'] = "http://tools.kali.org/web-applications/wfuzz"
links['wifi-honey'] = "http://tools.kali.org/wireless-attacks/wifi-honey"
links['wifiphisher'] = "http://tools.kali.org/wireless-attacks/wifiphisher"
links['wifitap'] = "http://tools.kali.org/wireless-attacks/wifitap"
links['wifite'] = "http://tools.kali.org/wireless-attacks/wifite"
links['winexe'] = "http://tools.kali.org/maintaining-access/winexe"
links['wireshark'] = "http://tools.kali.org/information-gathering/wireshark"
links['wol-e'] = "http://tools.kali.org/information-gathering/wol-e"
links['wordlists'] = "http://tools.kali.org/password-attacks/wordlists"
links['wpscan'] = "http://tools.kali.org/web-applications/wpscan"
links['xplico'] = "http://tools.kali.org/information-gathering/xplico"
links['xspy'] = "http://tools.kali.org/sniffingspoofing/xspy"
links['xsser'] = "http://tools.kali.org/web-applications/xsser"
links['yara'] = "http://tools.kali.org/reverse-engineering/yara"
links['yersinia'] = "http://tools.kali.org/vulnerability-analysis/yersinia"
links['zaproxy'] = "http://tools.kali.org/web-applications/zaproxy"